(U//FOUO) Some of you have heard the buzz over the past several months about PKI 
certificates. The clock is ticking and everyone is on an end-of-the-year deadline! But what are 
these mysterious certificates? Who needs them? How do we get them? AND WHY?!?! The 
following paragraphs will answer these questions and offer a few secrets on how to get certified 
as quickly and as painlessly as possible! Don't wait until October— this requirement is not going 
to go away, so get it out of your way now!!! 

(U//FOUO) First, what is a PKI certificate? PKI stands for Public Key Infrastructure. The PKI 
system is a comprehensive encryption system that protects information against unauthorized 
disclosure, unauthorized modifications through digital signing, unauthorized access by enabling 
access controls and authorization services, and false user identifications. 

(U//FOUO) Who needs them? Almost everyone! If you work at NSA and you are a US citizen 
holding a blue, green, or gold badge, then YOU NEED ONE! So if you are a Second Party member 
or a non-US citizen, then you have some breathing room, but the system will be ready for you 
soon! 

(U//FOUO) WHY do we need them? This is perhaps the most important question. The answer 
is multi-fold. First, the current email encryption system, ICARUS, is going away. It will be out of 
service and the PKI system is the replacement. In addition, the PKI certificate will soon be a 
necessity in order to use CONCERTO, Peoplesoft, and other similar applications. So even if you 
rarely send encrypted emails, you still need to get the certificate. Without it, your 
individual access to certain information will be significantly limited. 

(U//FOUO) Now you know what a PKI certificate is, who needs it, and why. So now you need to 
know HOW TO GET IT! Here's how: 

(U//FOUO) Take a deep breath. Accept that this will take a bit of your time, but it must be done, 
so just dive in! Type "go pki" on the web. The PKI home page will appear and it will walk you 
through a four-step process that will culminate in obtaining your certificate. 

(U//FOUO) Warning! There are a few items in the process that can be confusing. Reading these 
hints, in conjunction with the instructions on the home page, will guarantee some time saved: 

• 1) Before you start, make sure that you have an active Searchlight account. If you do 
not, you will need to get one before you can get the certificate. 

• 2) When you get to the PKI Home Page, there are two seemingly good options: "Getting 
your NTS-PKI Personal Certificate" and "Getting your NTS-PKI Server Certificate". Click 
on "Getting your NTS-PKI Personal Certificate". 

• 3) If you are a Second Party member, you cannot get a PKI Certificate yet. 

• 4) In Step 2, the directions instruct you to check for your secondary SMTP address. 
Your secondary SMTP address is the lowercase one. You will see SMTP and smtp; the 
address that follows the smtp is your secondary address. 

• 5) If you do not have either the security switch or the secondary SMTP address. Call 

It only takes a second for them to give you one. Really. 

• 6) For Step 3, you might want to print the page so that you can follow the instructions as 
you go along. Boxes start to pop up and it gets difficult to read the instructions and 
follow them correctly. 

• 7) In Step 3, if you enter your sid and it says that your Searchlight information does 
not match your Concerto information, don't panic. Just send H^|^^^|@nsa a 
short email that says your information does not match, and they will immediately fix it. 
(Note: I had to call to get my secondary SMTP address and I had to send an email about 
a Searchlight mismatch, and getting to STEP 4 still only took me about 15 minutes! It 
just sounds worse than it is!) 

• 8) Thursday morning is not a good time for getting your PKI. The server goes through 
maintenance then, and the kiosks open late. It is possible to get your certificate in the 
late morning on Thursdays, but another day is probably a better option, if possible. 

• 9) Going to the kiosks. Ok, this involves a little bit of physical energy. Yes, you have to 
leave your desk and go to the kiosk (room) closest to you. If (and only if) you have to 
travel outside of the building, you must bring a courier bag with you. Please 
expect the kiosk to take about 15 minutes. It takes a few minutes for the machine to 
generate a password and to print it out. So don't get agitated, just expect a short wait. 

• 10) VERY IMPORTANT! At the kiosk you will receive information on completing your PKI 
certificate. You will return to your desk and follow a step-by-step package of instructions. 
ONCE YOU BEGIN THIS PROCESS YOU SHOULD SET ASIDE ENOUGH TIME TO 
COMPLETE THE WHOLE THING. It is much less confusing that way, and you avoid 
getting sidetracked. There is a link that is only valid for same-day use, so once you 
start, commit yourself to completing it. It will probably take you about 30 minutes to an 
hour to complete this final step. BUT THEN YOU'RE FINISHED! 

• 11) Final hint: Just accept that this process might be a little confusing, a little 
frustrating, a little time-consuming, but just sit down, take a deep breath and do it! It 
really isn't that bad!!!! 

(U//FOUO) If you have any further questions, the PKI Help Desk (^^^^^s) is available for 
any and all questions! 


"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet 
without the consent of S0121 (DL sid comms)." 